8
// ContainerImageLabel is the key of the image annotation embedding a seccomp
10
const ContainerImageLabel = "io.containers.seccomp.profile"
12
// Policy denotes a seccomp policy.
16
// PolicyDefault - if set use SecurityConfig.SeccompProfilePath,
17
// otherwise use the default profile. The SeccompProfilePath might be
18
// explicitly set by the user.
19
PolicyDefault Policy = iota
20
// PolicyImage - if set use SecurityConfig.SeccompProfileFromImage,
21
// otherwise follow SeccompPolicyDefault.
25
// Map for easy lookups of supported policies.
26
var supportedPolicies = map[string]Policy{
28
"default": PolicyDefault,
32
// LookupPolicy looks up the corresponding Policy for the specified
33
// string. If none is found, an errors is returned including the list of
36
// Note that an empty string resolved to SeccompPolicyDefault.
37
func LookupPolicy(s string) (Policy, error) {
38
policy, exists := supportedPolicies[s]
43
// Sort the keys first as maps are non-deterministic.
45
for k := range supportedPolicies {
47
keys = append(keys, k)
52
return -1, fmt.Errorf("invalid seccomp policy %q: valid policies are %+q", s, keys)